<?php	

class Sql {
	private $sql_object = false;

	public function __construct() {
	}
	
	public static function ExecuteScalar($storedProcedure) {
		$mysql = getDBConnection();
		$storedProcedureCall = Sql::GenerateStoredProcedureCall($storedProcedure, func_get_args());
		$resultArray = $mysql->query($storedProcedureCall);
		$returnArray = array();
		while ($row = $resultArray->fetch_array(MYSQL_ASSOC)) {
			foreach ($row as $key=>$value) {
				$row[$key] = Sql::CleanReturn($value);
			}
			$returnArray[] = $row;
		}
		@mysql_free_result($resultArray);
		if (count($returnArray)>=1) {
			return $returnArray[0];
		}
		return false;
	}
	
	public static function Execute($storedProcedure) {
		$mysql = getDBConnection();
		$storedProcedureCall = Sql::GenerateStoredProcedureCall($storedProcedure, func_get_args());
		$resultArray = $mysql->query($storedProcedureCall);
		$returnArray = array();
		while ($row = $resultArray->fetch_array(MYSQL_ASSOC)) {
			foreach ($row as $key=>$value) {
				$row[$key] = Sql::CleanReturn($value);
			}
			$returnArray[] = $row;
		}
		@mysql_free_result($resultArray);
		return $returnArray;
	}
	
	private static function GenerateStoredProcedureCall($storedProcedure, $arguments) {
		$storedProcedureCall = "CALL ".$storedProcedure."(";
		//loop through params and add them on..
		for($i=1;$i<count($arguments);$i++) {
			$storedProcedureCall .= "'".$arguments[$i]."'";
			if ($i!=count($arguments)-1) {
				$storedProcedureCall .= ", ";
			}
		}
		$storedProcedureCall .= ");";
		return $storedProcedureCall;
	}
	
	private static function CleanReturn($string) {
		$string = str_replace("\\r", "<br/>", $string);
		$string = str_replace("\\n", "<br/>", $string);
		$string = stripslashes($string);
		return $string;
	}
	
	public static function Sanitize($string) {
		$mysql = getDBConnection();
		return $mysql->real_escape_string($string);
	}
}
?>